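/// <summary>
/// Returns every certificate in <c>_store</c> that is time-valid right now, carries a private key,
/// and names at least one of the configured domain names.
/// </summary>
/// <param name="cancellationToken">Accepted for signature compatibility; the lookup is synchronous and does not observe it.</param>
/// <returns>A completed task holding the matching certificates (possibly empty).</returns>
public Task<IEnumerable<X509Certificate2>> GetCertificatesAsync(CancellationToken cancellationToken)
{
    // DNS host names are case-insensitive, so a SAN of "Example.com" must still match a configured
    // "example.com". The default (ordinal, case-sensitive) comparer would silently skip such a cert.
    var domainNames = new HashSet<string>(_options.Value.DomainNames, StringComparer.OrdinalIgnoreCase);
    var result = new List<X509Certificate2>();

    // FindByTimeValid takes a local-time reference per the BCL docs, hence DateTime.Now rather than UtcNow.
    // validOnly additionally requires a trusted chain unless invalid certs were explicitly allowed.
    var certs = _store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, validOnly: !AllowInvalidCerts);

    foreach (var cert in certs)
    {
        // A certificate without its private key cannot terminate TLS, so it is useless here.
        if (!cert.HasPrivateKey)
        {
            continue;
        }

        if (X509CertificateHelpers.GetAllDnsNames(cert).Any(domainNames.Contains))
        {
            result.Add(cert);
        }
    }

    return Task.FromResult(result.AsEnumerable());
}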
/// <summary>
/// Registers a challenge certificate in <c>_challengeCerts</c> under every DNS name it carries.
/// </summary>
/// <param name="certificate">The challenge certificate to index by DNS name.</param>
public void AddChallengeCert(X509Certificate2 certificate)
{
    var dnsNames = X509CertificateHelpers.GetAllDnsNames(certificate);
    foreach (var name in dnsNames)
    {
        AddWithDomainName(_challengeCerts, name, certificate);
    }
}
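/// <summary>
/// Builds the chain for <paramref name="certificate"/> once up front, presumably so that any
/// intermediates fetched during the build are cached before the certificate is served
/// (workaround for https://github.com/dotnet/aspnetcore/issues/21183 — see the issue for details).
/// This is a warm-up, not a trust decision: revocation is deliberately not checked, and a failed
/// build is logged rather than rejected.
/// </summary>
/// <param name="certificate">The leaf certificate whose chain should be preloaded.</param>
private void PreloadIntermediateCertificates(X509Certificate2 certificate)
{
    // A self-signed certificate has no intermediates to preload.
    if (certificate.IsSelfSigned())
    {
        return;
    }

    // workaround for https://github.com/dotnet/aspnetcore/issues/21183
    // NoCheck: revocation would add network I/O at startup and is not what this warm-up is for.
    // Do not reuse this chain for any trust decision.
    using var chain = new X509Chain
    {
        ChainPolicy = { RevocationMode = X509RevocationMode.NoCheck },
    };

    var commonName = X509CertificateHelpers.GetCommonName(certificate);
    try
    {
        if (chain.Build(certificate))
        {
            _logger.LogTrace("Successfully tested certificate chain for {commonName}", commonName);
            return;
        }

        // Build returned false: surface the chain engine's reasons so the warning below is actionable
        // (e.g. PartialChain vs. UntrustedRoot need very different fixes).
        foreach (var status in chain.ChainStatus)
        {
            _logger.LogDebug(
                "Chain status for {commonName}: {status} ({statusInformation})",
                commonName, status.Status, status.StatusInformation);
        }
    }
    catch (CryptographicException ex)
    {
        _logger.LogDebug(ex, "Failed to validate certificate chain for {commonName}", commonName);
    }

    _logger.LogWarning(
        "Failed to validate certificate for {commonName} ({thumbprint}). This could cause an outage of your app.",
        commonName, certificate.Thumbprint);
}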
/// <summary>
/// Indexes <paramref name="certificate"/> in <c>_certs</c> under every DNS name it carries,
/// after attempting to preload its chain.
/// </summary>
/// <param name="certificate">The certificate to make selectable.</param>
public virtual void Add(X509Certificate2 certificate)
{
    // Warm the chain first; PreloadIntermediateCertificates only logs on failure, so the
    // certificate is indexed regardless of the outcome.
    PreloadIntermediateCertificates(certificate);

    var dnsNames = X509CertificateHelpers.GetAllDnsNames(certificate);
    foreach (var name in dnsNames)
    {
        AddWithDomainName(_certs, name, certificate);
    }
}